now browsing by tag


Getting fit while learning to fight | #students | #parents | #parenting | #parenting | #kids

Source: National Cyber Security – Produced By Gregory Evans

Maddie Leek is a different kind of personal trainer. She will add a little bit of punch to your fitness program. Okay, actually a lot of punch. We caught up […]

The post Getting fit while learning to fight | #students | #parents | #parenting | #parenting | #kids appeared first on National Cyber Security.

View full post on National Cyber Security

Learning Questions Posed As Tech Companies Connect Students Through Covid | #teacher | #children | #kids | #parenting | #parenting | #kids

Technology Private technology companies are rolling out free initiatives for students as Covid-19 highlights the importance of connectivity. Laura Walters takes a look at the opportunities for tech companies and what […] View full post on National Cyber Security

Nearly 4,000 new students at Catholic schools in Boston, 700 in Springfield as they field calls from parents wanting in person learning | #Education | #parenting | #parenting | #kids

Nearly 4,000 new students at Catholic schools in Boston, 700 in Springfield as they field calls from parents wanting in person learning | #Education | Parent Security Online […] View full post on National Cyber Security

Board of Education Candidate Talks With High School Students About Virtual Learning | #Education | #parenting | #parenting | #kids

Board of Education Candidate Talks With High School Students About Virtual Learning | #Education | Parent Security Online ✕ Parent Security Online FREE VIEW […] View full post on National Cyber Security

Exclusive survey: Teens dislike online learning | #socialmedia | #children | #parenting | #parenting | #kids

Most American teens think online school is worse than going in person, but less than a fifth of them think that it makes sense to be in person full-time while […] View full post on National Cyber Security

Bucks County COVID-19 Recovery Fund Awards Grants To Help Navigate Remote Learning | #covid19 | #kids | #childern | #parenting | #parenting | #kids

A student partaking in remote learning in spring. File photo. The Bucks County COVID-19 Recovery Fund has distributed funds to assist school-aged kids experiencing homelessness navigate remote learning. The United […] View full post on National Cyber Security

Minnesota parents rush to set up pods to boost distance learning | #facebookdating | #tinder | #pof | romancescams | #scams

_________________________ Once she found out that Minneapolis Public Schools would be starting the year with online learning, Katy Armendariz started texting two oth­er fami­lies about how they could get through […] View full post on National Cyber Security

#cybersecurity | #hackerspace | K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment

Source: National Cyber Security – Produced By Gregory Evans

12-Step Remote Learning Checklist to Help District IT Protect Student and Staff Data

K-12 school districts across the country are shutting down to increase “social distancing” and help slow down the outbreak of COVID-19—the disease caused by exposure to the new coronavirus. Many are either considering or preparing for a shift to remote learning for the remainder of the year.

Technologies focused on learning management, online teaching, collaboration, and video conferencing will help districts provide students and staff with the tools needed to move forward with remote learning. This shift requires a lot of time and effort for district IT teams to vet, implement, and support in the coming weeks.

But K-12 IT teams must also plan for the adjustments in cyber safety and security this shift will require.

Students and staff will be accessing their Google and/or Microsoft accounts from locations outside of the school’s networks. They will also be using new, often OAuth-enabled, EdTech SaaS for a variety of learning and student management purposes. Both of these trends expose district information systems to data security and student data privacy risks.

G Suite & Office 365 Data Security & Student Safety Remote Learning Checklist

What is G Suite and Office 365 security and student safety? It is the district’s ability to have visibility and control into the activity taking place in collaborative cloud software as a service (SaaS) applications—such as Google G Suite and Microsoft Office 365—commonly used by districts today.

If or when your district moves to remote learning, traditional perimeter security safeguards, such as firewalls and content filters, become less effective. This is especially true if your district doesn’t have 1:1 device capabilities. Students will be accessing their school account from an unmanaged device without all the security measures a district device would have.



To help K-12 IT teams securely transition to remote learning and working, we’ve developed this 12-step remote learning checklist focused specifically on cybersecurity and safety protections.

1. Document remote work security policies

Your district’s staff and students are likely not used to working in a remote environment, and may not realize that security tools like firewalls and web content filters are less effective outside your district’s network. If your district hasn’t done so already, now is the time to create and document remote work security policies.

Start by developing a document outlining a list of approved cloud applications to be used for remote learning purposes. If your district doesn’t have a learning management system (LMS) or other remote learning tools already available, consider looking into tools such as BrainPop, Discovery Education, Agilix, Edmentum, and more. Other cloud applications your district’s IT team may want include Zoom, Google Hangouts, Cisco’s Webex, or another popular video conferencing tool that your district is comfortable with using.

Once your team has decided which cloud apps are approved, make sure to include the list in your district’s remote work security policy document. You may also consider including a list of apps that shouldn’t be downloaded and installed.

If your district isn’t 1:1, this will be tougher to enforce due to the fact that students will be accessing their school accounts from an unmanaged device. However, having a guide in place will prove useful in helping students and staff protect their devices, and sensitive data, when logging in to use these apps from home.

2. Create employee cybersecurity training & testing

Simple human error is the number one reason cybersecurity incidents happen in any organization. Educate your district’s staff, students, and parents on common cybersecurity best practices and what to look for in terms of possible red flags.

Create guidelines that encourage students, staff, and parents to look at who emails are coming from. Does the email domain match your district? If there are any links within an email, does the redirect URL match the destination the email claims?

Same goes for file attachments. Are they coming from a trusted source and do the documents pertain to any lessons or assignments students and staff are working with?

You may also want to consider testing your users’ ability to recognize a suspicious email.

One common tool to send out phishing email tests to see how prepared and educated your district stakeholders are regarding cybersecurity is KnowBe4. With this tool, your IT team can conduct phishing tests, password strength tests, email exposure and domain tests, and more. This way, your team has a better picture of where your weaknesses lie and what you need to educate further on during this hectic time.

3. Monitor student and staff account logins

Students and staff will be logging into their school accounts from outside of your district’s security perimeter—and from an unmanaged device if your district isn’t 1:1.

Your IT team must monitor account logins and look for anomalous behavior that may indicate an account takeover attack. Anomalous behavior might include multiple unsuccessful logins, failed multi-factor authentication checks, and successful logins from an unapproved location such as another country.




4. Check for unsanctioned 3rd party SaaS apps

Now that students will be using their school device—or a personal device—outside of school, monitoring for risky 3rd party apps is especially important. This is because malicious apps and apps with insufficient infrastructure security pose far-reaching risks to your district’s information systems.

Additionally, the flood of “free” teaching and learning apps on the market creates openings for serious OAuth security risks. Teachers and students alike may take advantage of these tools with the best intentions, but EdTech that hasn’t been properly vetted can lead to a variety of cybersecurity risks.

Your IT team should monitor which apps are granted OAuth access to district Google and/or Microsoft accounts, check what permissions are granted, and be able to remove the apps that don’t meet your infrastructure security, data security, and/or student data privacy policies.

5. Monitor for improper file sharing and access

Student data privacy laws still apply when your district transitions to remote learning, and keeping track of data becomes more difficult when students and staff access everything remotely.

To help prevent any financial, staff, and/or student data from leaving your district’s G Suite or Office 365 environment, look for drives, folders and files that have given external accounts access to view and/or edit. If any external shares are found, make sure to break them and set up policies to automatically remediate when a future external share is granted.

6. Secure personally identifiable information (PII) and create data loss prevention policies

Data loss prevention is a strategy to ensure the sensitive information of students and staff are protected and don’t inadvertently leave the network. Have your IT team start by checking email and files for PII, such as social security numbers, W2s, and bank account information. Then, delete, quarantine, or revoke access to any information that is being improperly shared.

Once complete, set up automatic policies to remediate all PII that leaves your district’s network to ensure FERPA requirements are met.

7. Create student safety monitoring & policies

Just because your district’s students are distanced from one another as a result of school closures and self-isolation, doesn’t mean that they aren’t communicating via their school Google or Microsoft accounts.

Students may be using their school accounts to send emails or use Google Docs as a chat board. It’s important for your IT team to continue monitoring for signals of cyberbullying, self-harm, inappropriate content, abuse, and other forms of student safety threats. Unfortunately, it may be easier for these issues to go undetected during this time.

8. Enable anti-phishing and anti-malware protection

With dispersed students and staff, cybersecurity risks in your district are going to increase. Your IT team will need to ensure they have anti-phishing and anti-malware protection enabled.

Students and staff will be logging in from their home networks and maybe from a personal device, which means school firewalls, web content filters and endpoint security may not be effective for the time being.

The best option for your team at the moment is to start with configuring your district’s G Suite and Office 365 anti-phishing and anti-malware capabilities, and layer additional safeguards to ensure district cloud applications are protected—regardless of the device or the location.

9. Monitor for lateral phishing activity

In the event a student or staff member at your district does fall victim to a phishing scheme, it’s important for your IT team to be monitoring the activity that is taking place within district cloud apps.

This means not only monitoring the email traffic coming from external sources, but also monitoring and analyzing emails sent from internal accounts to others. Doing so is critical to reveal signs of an account takeover and lateral phishing attack.



Are you getting phishing email alerts from an internal email address? Is a student or staff member sending an unusual number of emails to other school accounts that they don’t usually interact with? Is an account suddenly sharing and/or downloading more files than usual? These are a couple of examples of trends your team will need to look for more often in a remote learning environment.

10. Make multi-factor authentication mandatory

Multi-factor authentication requires your district’s students and staff to take a second step, after entering the correct password, to prove they have authorized access. Students and staff will be logging in from unrecognized devices, which makes this security tool a critical one for your district to have enabled during this time.

It’s also incredibly quick and easy to set up through your Google and/or Microsoft admin portal.

Multi-factor authentication typically includes entering a code that is sent to their phone via SMS. It can also include phone calls, answering security questions, mobile app prompts, and more.

11. Reset passwords across all accounts and set a password strength policy

Set policies and standards for your district’s cloud app passwords now that students and staff are accessing remotely.

At a minimum, enable your system’s “require a strong password” feature. You can also set minimum and maximum password lengths, password expiration, and more.

If your district already has policies in place, now is a good time to check current passwords to see if there are any passwords that are out of compliance and force password changes through your admin console.

12. Run a G Suite & Office 365 data security & student safety audit

With this checklist, now is an opportune time to run a cloud security audit of your district’s G Suite and/or Office 365 environment. An audit will check for any configuration errors, sharing risks, files containing sensitive information, risky 3rd party SaaS apps, and more.

It’s also important to run an audit on a periodic basis more frequently now that districts are closing or moving to remote learning. Weekly reports can be automated and provide you with detailed information into the security health of your cloud applications, and the activity taking place between students, staff, and external environments.

If your district uses SaaS applications such as G Suite and Office 365, protecting the data and accounts in these apps is a critical layer in your cybersecurity infrastructure.

Without it, monitoring and controlling behavior happening on the inside is impossible. This blind spot creates critical vulnerabilities in your district stakeholders’ sensitive information and is now a much bigger blind spot given the current circumstances.

The post K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment appeared first on ManagedMethods.

*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Jake Kasowski. Read the original post at: https://managedmethods.com/blog/k-12-remote-learning-checklist/

Source link

The post #cybersecurity | #hackerspace |<p> K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment <p> appeared first on National Cyber Security.

View full post on National Cyber Security

biometrics, machine learning, privacy and being a woman in tech – Naked Security Podcast – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

To celebrate International Women’s Day we invite you to this all-female splinter episode. We discuss privacy, biometrics, machine learning, social media, getting into cybersecurity and, of course, what it’s like to be a woman in tech.

Host Anna Brading is joined by Sophos experts Hillary Sanders, Michelle Farenci and Alice Duckett.

Listen now!

Source link

The post biometrics, machine learning, privacy and being a woman in tech – Naked Security Podcast – Naked Security appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Immersive learning project brings computer science to MCS

Source: National Cyber Security – Produced By Gregory Evans

Editor’s Note: Will English, The Daily News’ web developer, was a part of the immersive learning class mentioned in the article.

For three years, Ball State computer science students have worked to make their field available to the next generation of computer scientists.

Since fall 2017, Ball State computer science professor Dave Largent and his students have partnered with Northside Middle School, Burris Laboratory School and Muncie Central High School for an immersive learning program focused around teaching computer hardware and software. 

The program, Largent said, encourages involvement in computer science  by teaching both students and teachers alike, so teachers can continue the instruction after the project’s completion.

“Overall, the goal would be to get as many grade school and high school students exposed to computer science as possible,” Largent said.

The original idea for the project, Largent said, was based on the idea of bringing more diversity to computer science, which he called “very white male dominated.”

“As I’ve looked at possible solutions to [the lack of diversity], one of the solutions I realized was if we can educate or make young students aware of the possibility that they can be a computer scientist in the future, then that’s going to fill that pipeline more diversity,” Largent said.

The groups of Ball State students participating in the project met several problems during the semester, including the fact that some Muncie Community Schools teachers had little to no experience in computer science, said project member Corbin Creedon, senior computer science major. Some of the biggest complications in the process involved getting teachers to open up to the learning themselves.

“Something that immediately came up for specifically our group is how our teacher had no computer science background at all,” Creedon said. “He was hired in the summer, took a quick week lesson plan from Project Lead the Way (PLTW) to learn some stuff, and that was it.”

Largent’s students were also challenged to interact with the middle and high schoolers over the course of several meetings throughout the semester, during which they taught the students in both the physical construction of computers and the creation of software.

Junior computer science major Sara Bailey said her experience as a woman in the field of computer science was an important part of wanting to work with younger students.

“I also liked working with kids, and I thought, the idea of helping kids, and especially girls like younger girls get into computer science was exciting, because personally, I know that I didn’t have that much support in middle school,” Bailey said.

Bailey and her group taught the students for nine weeks. At the culmination of the course, the students were asked to assemble a final project that showcased their understanding of computer science.

For the classes near the end of the semester, that meant designing holiday decorations.

“For these nine weeks because of Thanksgiving and Christmas, [the final projects are] primarily holiday based, so one of them was [to] create a small light system to be seen in the dark, or something like that, or create a waving Santa through [an input],” Creedon said.

Going forward, Largent said he hopes to implement the project beyond the fall semester of each year. 

In an immersive learning project composed primarily of computer science students, Largent said lowering the number of credits and adding a spring semester could make the project more appealing to students outside of the field.

“[Adding the spring semester] will provide continuous interactions with the schools throughout the year,” Largent said in an email. “With the reduced credit hours, I’m hopeful to include more students, and maybe even include some education majors as well, as it will be easier for them to include another small class into their schedule.”

Contact John Lynch with comments at jplynch@bsu.edu or on Twitter @WritesLynch.

Source link

The post #deepweb | <p> Immersive learning project brings computer science to MCS <p> appeared first on National Cyber Security.

View full post on National Cyber Security